Lucene search
+L

4465 matches found

CVE
CVE
added 2024/09/03 10:40 p.m.416 views

CVE-2024-8362

CVE-2024-8362 affects Google Chrome/Chromium WebAudio: a use-after-free in WebAudio leads to potential heap corruption on crafted HTML pages. Affected product/component: Chromium/WebAudio in Chrome prior to 128.0.6613.119. Root cause: use-after-free in WebAudio paths. Impact per sources: remote a...

8.8CVSS7.1AI score0.00526EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.414 views

CVE-2024-3834

Concrete details found: CVE-2024-3834 affects Google Chrome/Chromium, describing a Use-after-Free in the Downloads component that could enable heap corruption via a crafted HTML page. Affected versions are prior to 124.0.6367.60. The issue has been addressed in newer Chromium/Chrome updates (e.g....

8.8CVSS8.8AI score0.01009EPSS
CVE
CVE
added 2023/03/07 9:42 p.m.413 views

CVE-2023-1234

CVE-2023-1234 affects Google Chrome on Android prior to 111.0.5563.64, due to an inappropriate implementation in Intents that enables domain spoofing via a crafted HTML page. The CVSS v3.1 base score is 4.3 (Medium). Public details in connected sources include PoC/exploit repositories related to ...

4.3CVSS4.9AI score0.00707EPSS
CVE
CVE
added 2024/08/21 8:20 p.m.413 views

CVE-2024-8033

The CVE-2024-8033 issue affects Chromium-based Google Chrome (Windows) through an Inappropriate implementation in WebApp Installs that could allow UI spoofing via a crafted HTML page before the 128.0.6613.84 update. Connected advisories confirm this CVE is among the Chrome/Chromium security fixes...

4.3CVSS6.4AI score0.00277EPSS
CVE
CVE
added 2024/08/21 8:20 p.m.412 views

CVE-2024-7978

CVE-2024-7978 is a Chrome/Chromium vulnerability: Insufficient policy enforcement in Data Transfer allowed cross-origin data leakage via a crafted HTML page when a user engages specific UI gestures. Affected product: Google Chrome/Chromium-based browsers. Root cause: insufficient policy enforceme...

4.3CVSS6AI score0.00421EPSS
CVE
CVE
added 2024/04/06 2:53 p.m.411 views

CVE-2024-3159

CVE-2024-3159 affects Google Chrome/Chromium’s V8 engine. It is an out-of-bounds memory access vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. The flaw exists in Chrome/Chromium versions prior to 123.0.6312.105 and is addressed by updating...

8.8CVSS8AI score0.01599EPSS
CVE
CVE
added 2019/06/27 4:13 p.m.407 views

CVE-2019-5785

CVE-2019-5785: An integer overflow in Skia led to potential arbitrary code execution via a crafted HTML page. Affected products include Google Chrome (Skia) prior to 72.0.3626.81 and Mozilla components used by Thunderbird/Firefox (e.g., Skia in Thunderbird before 60.5.1). Mitigation: patch Chrome...

6.5CVSS6.9AI score0.01192EPSS
CVE
CVE
added 2024/08/21 8:20 p.m.406 views

CVE-2024-7975

CVE-2024-7975 corresponds to an Inappropriate implementation in Permissions in Google Chrome/Chromium, enabling UI spoofing via a crafted HTML page. The connected sources confirm the issue affects Chrome/Chromium prior to version 128.0.6613.84, with Medium severity (CVSS 4.3). Debian security adv...

4.3CVSS6.4AI score0.00415EPSS
CVE
CVE
added 2024/08/21 8:20 p.m.404 views

CVE-2024-7965

CVE-2024-7965 affects Google Chrome’s V8 engine (Chromium) with an inappropriate implementation vulnerability that allows remote heap corruption via a crafted HTML page. Impact is High (CVE entry notes potential exploitation, with network attack vector and user interaction required). Affected sof...

8.8CVSS6.6AI score0.17227EPSS
In wild
CVE
CVE
added 2023/10/05 5:13 p.m.399 views

CVE-2023-5346

CVE-2023-5346 affects Google Chrome/Chromium’s V8 engine prior to 117.0.5938.149. A type confusion in V8 could allow a remote attacker to trigger heap corruption via a crafted HTML page, with high severity (CVSS 3.1: 8.8, network attack vector, user interaction required). Affected component is Ch...

8.8CVSS8.4AI score0.01738EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.399 views

CVE-2024-3838

CVE-2024-3838 affects Google Chrome/Chromium Autofill: an inappropriate Autofill implementation allowed UI spoofing via a crafted app, when a user is lured to install malware. The issue exists in Chrome prior to 124.0.6367.60; remediation is to upgrade to 124.0.6367.60 or newer. Exploitation deta...

5.5CVSS5.7AI score0.00366EPSS
CVE
CVE
added 2024/11/19 7:11 p.m.397 views

CVE-2024-11395

CVE-2024-11395 is a type confusion vulnerability in V8 (Chrome/Chromium) that enables potential heap corruption via a crafted HTML page. Public docs identify affected product families as Google Chrome/Chromium and report impact as high. The Debian security advisory confirms fixes in Chromium 131....

8.8CVSS6.6AI score0.00355EPSS
CVE
CVE
added 2025/06/24 8:3 p.m.397 views

CVE-2025-6555

CVE-2025-6555 affects Google Chrome (Chromium-based) and its Animation component. The vulnerability is described as a use-after-free leading to potential heap corruption via a crafted HTML page. Chromium/chrome advisories indicate the fix is included in Chrome 138.0.7204.49 (Linux/Windows/macOS),...

5.4CVSS7.3AI score0.00158EPSS
CVE
CVE
added 2024/06/19 11:40 p.m.396 views

CVE-2024-6100

Summary: CVE-2024-6100 is a type confusion in V8 affecting Google Chrome/Chromium prior to 126.0.6478.114, enabling a remote attacker to execute arbitrary code via a crafted HTML page. The issue is rooted in V8's type handling, with an attack vector over the network and a required user interactio...

8.8CVSS7.2AI score0.01138EPSS
CVE
CVE
added 2024/04/06 2:53 p.m.395 views

CVE-2024-3156

CVE-2024-3156 affects Chromium/Google Chrome via an inappropriate implementation in V8, allowing remote memory-out-of-bounds access through a crafted HTML page on versions prior to 123.0.6312.105. Debian security advisory confirms the fix is in chromium 123.0.6312.105-1~deb12u1 for stable (bookwo...

8.8CVSS8AI score0.01131EPSS
CVE
CVE
added 2024/10/08 11:2 p.m.392 views

CVE-2024-9602

CVE-2024-9602 affects Chromium/Google Chrome's V8 engine. A type confusion in V8 allows a remote attacker to trigger an out-of-bounds memory write via a crafted HTML page on Chrome/Chromium builds older than 129.0.6668.100. Impact is high as per CVSS, with potential for arbitrary code execution o...

8.8CVSS6.4AI score0.00768EPSS
CVE
CVE
added 2024/04/06 2:53 p.m.391 views

CVE-2024-3158

CVE-2024-3158 (Chromium/Google Chrome): Use-after-free in Bookmarks handling can lead to heap corruption via a crafted HTML page in Chrome/Chromium before version 123.0.6312.105. A remote attacker could potentially exploit this vulnerability. Affected software/version info in sources shows patche...

8.8CVSS8.8AI score0.00773EPSS
CVE
CVE
added 2024/09/17 9:7 p.m.391 views

CVE-2024-8904

CVE-2024-8904: Type Confusion in V8 affecting Google Chrome’s Chromium-based stack prior to 129.0.6668.58, enabling potential heap corruption via a crafted HTML page. Connected sources confirm this impacts Chrome/V8 and Chromium builds; Debian and Linux distributions report fixes in 129.0.6668.58...

8.8CVSS6.6AI score0.00472EPSS
CVE
CVE
added 2023/10/11 10:28 p.m.387 views

CVE-2023-5485

CVE-2023-5485 affects Google Chrome/Chromium: an inappropriate Autofill implementation prior to 118.0.5993.70 allows a remote attacker to bypass Autofill restrictions via a crafted HTML page. The vulnerability is characterized with a Low Chromium security severity and a Medium CVSS v3.1 base scor...

4.3CVSS4.9AI score0.00683EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.385 views

CVE-2025-0434

CVE-2025-0434 describes an out-of-bounds memory access in V8 (Google Chrome/Chromium) prior to version 132.0.6834.83, potentially enabling heap corruption via a crafted HTML page and a remote attack. Mitigation: update to Chrome/Chromium 132.0.6834.83 or later; Debian security advisory confirms t...

8.8CVSS6.9AI score0.05945EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.384 views

CVE-2024-3837

CVE-2024-3837 is a Chrome/Chromium vulnerability described as a use-after-free in QUIC that could allow heap corruption when a renderer process is compromised. Affected software is Google Chrome/Chromium prior to version 124.0.6367.60. The underlying issue is triggered by crafted HTML pages, with...

8.8CVSS6.4AI score0.0094EPSS
CVE
CVE
added 2024/03/06 6:34 p.m.383 views

CVE-2024-2173

CVE-2024-2173 is an out-of-bounds memory access vulnerability in V8 used by Google Chrome/Chromium, with the affected public fix version 122.0.6261.111. Multiple connected sources (Chromium/Chrome release notes, Fedora/Debian security updates, and FreeBSD electron references) confirm the issue an...

8.8CVSS8.6AI score0.13556EPSS
CVE
CVE
added 2024/03/06 6:34 p.m.382 views

CVE-2024-2174

CVE-2024-2174 affects Chromium/Google Chrome’s V8 engine. An inappropriate implementation in V8 allowed heap corruption via a crafted HTML page, enabling a remote attacker to potentially exploit it. Impact is described as high (C/H/I/A). Affected version is prior to 122.0.6261.111; Chrome/Chromiu...

8.8CVSS5.7AI score0.12558EPSS
CVE
CVE
added 2024/05/22 3:11 p.m.382 views

CVE-2024-5158

CVE-2024-5158 is a type confusion in V8 in Google Chrome prior to 125.0.6422.76, allowing a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. The vulnerability is documented across multiple sources and mitigations indicate upgrading to Chrome 125.0.6422.76 (stab...

8.8CVSS5.8AI score0.0061EPSS
CVE
CVE
added 2024/12/11 5:52 p.m.381 views

CVE-2024-12381

CVE-2024-12381 is a type confusion vulnerability in V8 for Google Chrome before 131.0.6778.139 that could allow a remote attacker to cause heap corruption via a crafted HTML page. The connected release notes confirm the flaw and assign high severity; Debian security advisory also references the i...

8.8CVSS6.2AI score0.04013EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.376 views

CVE-2024-3847

CVE-2024-3847 affects Chromium-based WebUI components (Chrome/Chromium) and is caused by Insufficient policy enforcement in WebUI, enabling a remote attacker to bypass the Content Security Policy via a crafted HTML page. Publicly discussed in ChromeOS/Chromium advisories and Debian security notic...

9.8CVSS5.4AI score0.00801EPSS
CVE
CVE
added 2025/03/19 6:59 p.m.376 views

CVE-2025-2476

Use-after-free in Lens within Google Chrome (Chromium) up to version 134.0.6998.117 can allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected component: Lens in Chrome/Chromium; root cause: use-after-free. Impact per provided sources: potential arbitrary code execut...

8.8CVSS6.8AI score0.00791EPSS
CVE
CVE
added 2026/02/11 6:8 p.m.374 views

CVE-2026-2323

The CVE-2026-2323 issue affects Google Chrome/Chromium, stemming from an inappropriate implementation in the Downloads component. This allowed a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is tied to Chrome/Chromium builds before version 145.0.7632.45; upgrad...

4.3CVSS5.6AI score0.00223EPSS
CVE
CVE
added 2019/12/10 9:1 p.m.373 views

CVE-2019-13751

CVE-2019-13751 is a SQLite-related information disclosure in Google Chrome/Chromium. The issue arises from an uninitialized value in the SQLite library, exploited via a crafted HTML page to read potentially sensitive data from the process memory. Publicly documented fixes are included in Chromium...

6.5CVSS6.2AI score0.02037EPSS
CVE
CVE
added 2019/02/19 5:0 p.m.369 views

CVE-2019-5782

CVE-2019-5782 is a Chrome/V8 vulnerability in TurboFan’s typer module where an incorrect type inference for arguments.length causes BCE to elide a bounds check, enabling out-of-bounds access and, per the Connected documents, reliable code execution. The CVE targeted Chrome versions around 63–72, ...

8.8CVSS7AI score0.12879EPSS
CVE
CVE
added 2021/08/03 7:41 p.m.366 views

CVE-2021-30588

The CVE-2021-30588 entry maps to a Chrome/Chromium V8 issue, where a type confusion in V8 prior to 92.0.4515.107 could allow a remote attacker to trigger heap corruption via a crafted HTML page, potentially enabling arbitrary code execution or content spoofing. Connected advisories corroborate th...

8.8CVSS8.6AI score0.01992EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.366 views

CVE-2024-3841

CVE-2024-3841 affects Google Chrome/Chromium where the Browser Switcher failed data validation, allowing a remote attacker to inject scripts/HTML into a privileged page via a malicious file. Connected sources confirm the issue in Chromium/Chrome and note remediation via updated builds. Debian sec...

7.6CVSS5.3AI score0.00656EPSS
CVE
CVE
added 2024/08/01 6:5 p.m.366 views

CVE-2024-6990

CVE-2024-6990 concerns Google Chrome on Android (Dawn) with uninitialized use, allowing potential out-of-bounds memory access via a crafted HTML page. Affected component: Dawn in Chromium-based Chrome; root cause per sources is uninitialized use. Impact as described: potential remote code executi...

8.8CVSS6.3AI score0.00916EPSS
CVE
CVE
added 2024/06/11 8:58 p.m.365 views

CVE-2024-5830

CVE-2024-5830 is a Type Confusion in V8 affecting Google Chrome/Chromium prior to 126.0.6478.54. A remote attacker could trigger an out-of-bounds memory write via a crafted HTML page. Impact is High (C/H/I/A). Mitigations: update to Chrome 126.0.6478.54 or newer; Debian security advisory shows fi...

8.8CVSS6.6AI score0.00924EPSS
CVE
CVE
added 2024/09/03 10:40 p.m.365 views

CVE-2024-7970

CVE-2024-7970: Out-of-bounds write in V8 used by Google Chrome prior to 128.0.6613.119 can allow a remote attacker to potentially cause heap corruption via a crafted HTML page. Affected component is Chrome/Chromium’s V8 engine; impact is high (remote code execution/compromise of confidentiality, ...

8.8CVSS6.7AI score0.00491EPSS
CVE
CVE
added 2024/05/15 8:42 p.m.364 views

CVE-2024-4950

CVE-2024-4950 pertains to Chromium/Google Chrome prior to 125.0.6422.60, where an inappropriate implementation in Downloads could let a remote attacker lure a user into specific UI gestures to spoof UI via a crafted HTML page. Affected products are Chrome/Chromium browsers; the underlying issue i...

6.5CVSS5.5AI score0.00912EPSS
CVE
CVE
added 2025/02/04 6:53 p.m.363 views

CVE-2025-0444

CVE-2025-0444 is a use-after-free in Skia within Google Chrome before version 133.0.6943.53, leading to potential heap corruption via a crafted HTML page. The issue is acknowledged as High severity; Chrome fixed it in the 133.0.6943.53 release, and Debian security advisories also reference the fi...

6.3CVSS7.1AI score0.00338EPSS
CVE
CVE
added 2021/06/04 5:15 p.m.362 views

CVE-2021-30513

CVE-2021-30513 corresponds to a type confusion in V8 of the Chromium browser (pre-90.0.4430.212). The issue affects Chromium/Chrome’s V8 engine and is described as a type confusion vulnerability in the JavaScript engine, potentially enabling heap-related corruption via crafted HTML pages. Connect...

8.8CVSS8.4AI score0.01999EPSS
CVE
CVE
added 2023/08/22 11:56 p.m.362 views

CVE-2023-4430

CVE-2023-4430 is a use-after-free in Vulkan within Google Chrome/Chromium prior to 116.0.5845.110, enabling remote heap corruption via a crafted HTML page. Affected: Chrome/Chromium; root cause: use-after-free in Vulkan handling. Impact: high (remote code execution risk, heap corruption). Remedia...

8.8CVSS8.8AI score0.08801EPSS
CVE
CVE
added 2024/11/06 4:9 p.m.361 views

CVE-2024-10827

CVE-2024-10827 affects Chromium/Google Chrome prior to version 130.0.6723.116. The issue is a use-after-free in Serial, enabling remote heap corruption via a crafted HTML page. The vulnerability is rated High severity (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Public advisories confirm a f...

8.8CVSS6.7AI score0.00637EPSS
CVE
CVE
added 2024/07/16 9:43 p.m.361 views

CVE-2024-6772

CVE-2024-6772 affects Google Chrome/Chromium and is tied to the V8 engine. A crafted HTML page can trigger an out-of-bounds memory access, allowing a remote attacker to potentially achieve arbitrary behavior. Affected versions are Chrome/Chromium before 126.0.6478.182. Public docs in Debian/FreeB...

8.8CVSS6.2AI score0.00529EPSS
CVE
CVE
added 2019/12/10 9:1 p.m.360 views

CVE-2019-13750

CVE-2019-13750 affects Google Chrome (Chromium) where the SQLite component used by Chrome allowed insufficient data validation, enabling a remote attacker to bypass defense-in-depth via a crafted HTML page. Affected product: Chrome/Chromium with the SQLite library integrated; root cause: data val...

6.5CVSS6.3AI score0.02207EPSS
CVE
CVE
added 2023/05/30 9:31 p.m.360 views

CVE-2023-2937

CVE-2023-2937 is an issue in Google Chrome’s Picture-in-Picture (PiP) component where an insecure PiP implementation in Chrome/Chromium allowed a remote attacker with a compromised renderer to spoof the Omnibox (URL bar) via a crafted HTML page. The vulnerability is described as an Inappropriate ...

4.3CVSS4.7AI score0.00906EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.360 views

CVE-2024-3839

CVE-2024-3839 describes an out-of-bounds read in Fonts in Google Chrome/Chromium, allowing a remote attacker to potentialy read sensitive data from process memory via a crafted HTML page. Connected sources corroborate the issue across Chromium-based products (Astra Linux, Debian chromium security...

6.5CVSS5.1AI score0.00683EPSS
CVE
CVE
added 2024/05/01 12:50 p.m.360 views

CVE-2024-4331

CVE-2024-4331 affects Chromium-based browsers (Google Chrome/Chromium) with use-after-free in Picture-in-Picture prior to 124.0.6367.118. The vulnerability could allow a remote attacker to induce heap corruption via a crafted HTML page, with high impact across confidentiality, integrity, and avai...

8.8CVSS6.4AI score0.01228EPSS
CVE
CVE
added 2024/05/15 8:42 p.m.360 views

CVE-2024-4948

CVE-2024-4948 affects Chromium-based Google Chrome, specifically the Dawn WebGPU component, with.a Use-After-Free in Dawn leading to potential heap corruption when presented with a crafted HTML page. Reports in multiple sources (Debian security advisory, Fedora/Chromium updates, and related Chrom...

8.8CVSS6.5AI score0.00939EPSS
CVE
CVE
added 2020/02/11 2:42 p.m.359 views

CVE-2020-6405

CVE-2020-6405 is an out-of-bounds read in the SQLite component of Chromium-based Chrome prior to 80.0.3987.87, enabling a remote attacker to disclose potentially sensitive information from process memory via a crafted HTML page. Affected: Chrome/Chromium with SQLite. Impact: information disclosur...

6.5CVSS6.3AI score0.02625EPSS
CVE
CVE
added 2022/08/12 7:35 p.m.359 views

CVE-2022-2603

The CVE-2022-2603 entry describes a use-after-free in Chrome/Chromium’s Omnibox that could allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected software is Google Chrome/Chromium (prior to version 104.0.5112.79). The vulnerability’s impact is described as possible ...

8.8CVSS8.8AI score0.00664EPSS
CVE
CVE
added 2025/01/15 10:58 a.m.359 views

CVE-2025-0438

CVE-2025-0438 corresponds to a stack buffer overflow in Chrome/Chromium tracing code that could enable remote exploitation via a crafted HTML page. Affected software is Google Chrome (Chromium-based); impact is high per sources. Remediation across provided documents includes updating to Chromium/...

8.8CVSS7.3AI score0.0046EPSS
CVE
CVE
added 2024/04/17 7:46 a.m.358 views

CVE-2024-3840

CVE-2024-3840 affects Google Chrome/Chromium where insufficient policy enforcement in Site Isolation could allow a remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is mitigated in Chrome/Chromium 124.0.6367.60 (and newer); Debian security advisory lists 124.0.6...

7.5CVSS5.4AI score0.00748EPSS
Total number of security vulnerabilities4465